About the Original Author

Recent articles by this author

The user in connectionsAdmin role is very important for a working IBM Connections infrastructure. Many components of IBM Connections as well as add-ons are using this user identity for internal communication
between the components. Unfortunately, the combination of userid and password is kept at ...

The shared directory in IBM Connections is used to store common files, message bus and data uploaded by the user. This article describes the steps which are required in case the shared directory has been transferred to a new location.

The user in connectionsAdmin role is very important for a working IBM Connections infrastructure. Many components of IBM Connections as well as add-ons are using this user identity for internal communication
between the components. Unfortunately, the combination of userid and password is kept at several places in the IBM Connections configuration. Typically, the password is not going to change ...
But what if it has to be changed ...

Introduction

The user in connectionsAdmin role is very important for a working IBM Connections infrastructure. Many components of IBM Connections as well as add-ons are using this user identity for internal communication
between the components. Unfortunately, the combination of userid and password is kept at several places in the IBM Connections configuration. Typically, the password is not going to change ...

But what if it has to be changed ...

Special characters in password

Before we have a look where to change the password of the user in connectionsAdmin role, an important remark about the characters you must not use in the password:

Avoid including the following special characters when entering passwords for WebSphere Application Server users:

&, ^, <, >, ", ', ), (, |, !, $, #, %

This list of critical characters is inconsistent to the list defined in WebSphere product documentation:

However, the trigger for creating this article was a "!" in the password of the administrative user which led to failed configuration during the implementation of updates.

So, we had to change the password.

Environment

The steps below have been verified in an environment containing the following components:

IBM Connections 5

IBM Connections Content Manager 5

IBM Docs 1.0.6

IBM File Viewer 1.0.6

IBM Cognos BI 10.1.1

All servers have been running on Microsoft Windows. Therefore, if the components in your environment are running on another support operating system, you need to adapt the directories in each step accordingly.

The LDAP user repository was Microsoft Active Directory.

The environment was configured for Windows desktop single sign-on using SPNEGO/Kerberos.

If the Microsoft Active Directory account used for connectionsAdmin is also used as Service Principal Name (SPN) for setting up SPNEGO/Kerberos,
you have to created a new keytab file after the password change on the Active Directory account.
NOTE: It is not recommended to use the same AD account for SPN as well as connectionsAdmin user.

In IBM Connectios Content Manager 4.5, the userid/password combination of FileNet admin has been stored in CEMPBoot.properties in APP-INF/lib/props.jar inside the FilenetEngine app.
In IBM Connectios Content Manager 5.0, a change has been introduced to use J2C alias "filenetAdmin".

However, as part of the encryption key migration during the migration from CCM 4.5 to CCM 5.0, the old setup gets introduced again.
So, we have to manually update CEMPBoot.properties, using the following steps:

k) Select "Replace or add a single file"
l) Specify the relative path as "APP-INF/lib/props.jar/CEMPBoot.properties"
m) Specify the path to the file on local file system
n) Click OK to update the file inside the application

Step 11: Update FileNet configuration

This step is only required once. As soon as Config1 and Config2 have been cleared, FileNet is going to use connectionsAdmin J2C alias and password changes can be implemented easily in WebSphere (see step 3).

a) Open Administration Console for Content Platform Engine (ACCE) on the FileNet system with a web browserhttps://connections.example.com/acce
b) Login with administrative userid and password

g) Click the result link in the ID column to open it for viewing and editing
h) Click the Properties inner tab

i) In the list of properties, look for "Config 1"
j) Click the arrow and select "Display or edit value"
k) Clear the value and click OK

l) In the list of properties, look for "Config 2"
j) Click the arrow and select "Display or edit value"
k) Clear the value and click OK

l) Click Save

=> Config 1 holds password for the Connections user defined in the Config 2 property.
=> Config2 holds the login name of a Connections user

If Config2 is left blank, the connectionsAdmin J2C alias will be used when FileNet contacts the Connections Activity Stream.

Step 12: Update ConfigEngine

a) On Deployment Manager, edit the following file
D:\IBM\Connections\ConfigEngine\properties\wkplc.properties
b) Update the line
WasPassword

c) On Deployment Manager, edit the following file
D:\IBM\WebSphere\AppServer\profiles\Dmgr01\ConfigEngine\properties\wkplc.properties
d) Update the line
WasPassword

e) On Deployment Manager, edit the following file
D:\IBM\WebSphere\AppServer\profiles\Dmgr01\ConfigEngine\properties\wkplc_comp.properties
f) Verify, that each line containing "adminuser.password" has "PASSWORD_REMOVED", like
communities.adminuser.password=PASSWORD_REMOVED

Step 13: Update Cognos

This step is only required if you have used the same user for Cognos administrator.